WordPress HTML5 Video Player with Playlist Plugin <= 2.4.0 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress OMFG Mobile Pro Plugin <= 1.1.26 - XSS
Because of this vulnerability in shortcode-generator/preview-shortcode-external.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Malware Finder Plugin <= 1.1 - XSS
Because of this vulnerability in process.php, the attackers can inject arbitrary web script or HTML via the "query" parameter. Solution Update the plugin...
WordPress WP Ultimate Email Marketer Plugin <= 1.1.0 - XSS
Because of these vulnerabilities in contact/edit.php, the attackers can inject arbitrary web script or HTML via the "contact" or "listname" parameter. Solution Update the plugin...
WordPress WP Plugin Manager Plugin <= 1.6.4.b - XSS
Because of this vulnerability in wp-plugins-net/index.php, the attackers can inject arbitrary web script or HTML via the "filter" parameter. Solution Update the plugin...
WordPress TinyMCE Color Picker Plugin <= 1.1 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. Solution Update the plugin...
WordPress Search Everything Plugin <= 8.1.0 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of unspecified victims via unknown vectors. Solution Update the plugin...
WordPress <= 3.0.1 - XSS
Because of this vulnerability in wp-admin/plugins.php, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...
WordPress WP Forum Server Plugin <= 1.7.4 - XSS
Because of this vulnerability in fs-admin/wpf-add-forum.php, the attackers can inject arbitrary web script or HTML via the "groupid" parameter. Solution Update the plugin...
WordPress Blue Wrench Video Widget Plugin - Cross Site Request Forgery
WordPress Blue Wrench Video Widget plugin is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Upgrade the plugin...
WordPress Comment Attachment Plugin <= 1.0 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "Attachment field title." Solution Update the plugin...
WordPress Download Monitor Plugin <= 3.3.6.1 - XSS #1
Because of this vulnerability in admin/admin.php, the attackers can inject arbitrary web script or HTML via the "sort" parameter. Solution Update the plugin...
WordPress Facebook Members Plugin <= 5.0.4 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that modify this plugin's settings. Solution Update the plugin...
WordPress Simple Paypal Shopping Cart Plugin <= 3.5 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that change plugin settings. Solution Update the plugin...
WordPress Symposium Plugin <= 13.03 - XSS
Because of this vulnerability in invite.php, the attackers can inject arbitrary web script or HTML via the "u" parameter. Solution Update the plugin...
WordPress LeagueManager Plugin 3.8 - SQL Injection
LeagueManager plugin is prone to an SQL injection that exists in the "leagueid" parameter of a function call made by the leaguemanagerexport page. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit...
WordPress Ripe HD FLV Player Plugin - SQL Injection
WordPress Ripe HD FLV Player plugin is prone to an SQL injection vulnerability. It allows an attacker to access the database, obtain the username and password, and disclose the full path. Solution Update the plugin...
WordPress WP MailUp Plugin <= 1.3.2 - XSS
This plugin is prone to cross site scripting attacks by setting the wordpressloggedin cookie. Solution Update the plugin...
WordPress FLV Player Plugin 1.1 - SQL Injection
This WordPress FLV Player plugin's "id" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress SCORM Cloud Plugin <= 1.0.6 - SQL Injection
Because of this vulnerability in ajax.php, the attackers can execute arbitrary SQL commands via the "active" parameter. Solution Update the plugin...
WordPress Mingle Forum Plugin <= 1.0.32 - Multiple SQL Injection #1
Because of these vulnerabilities, authenticated users can execute arbitrary SQL commands via the "editforumid" parameter in an editsaveforum action, the "id" parameter to fs-admin/fs-admin.php or the "memberid" parameter in a removemember action. Solution Update the plugin...
WordPress DVS Custom Notification Plugin <= 1.0.1 - Multiple CSRF and XSS
Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks or change application settings. Solution Update the plugin...
WordPress 2 Click Social Media Buttons Plugin <= 0.33 - XSS
Because of this vulnerability in libs/xing.php, the attackers can inject arbitrary web script or HTML via the "xing-url" parameter. Solution Update the plugin...
WordPress Chenpress Plugin - Arbitrary File Upload
WordPress Chenpress plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Update the plugin...
WordPress Automatic Plugin 2.0.3 - SQL Injection
This WordPress Automatic plugin is prone to an SQL injection. The vulnerability is in the csv.php file, which does not require valid login credentials, and it allows an attacker to execute SQL queries. Solution Upgrade this plugin to version 2.0.4...
WordPress Soundcloud Is Gold 2.1 - Cross Site Scripting
WordPress Soundcloud Is Gold plugin's "width" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
WordPress ZenLite Theme <= 4.3 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution Update the theme...
WordPress AllWebMenus Plugin 1.1.3 - Remote File Inclusion
AllWebMenus plugin is prone to a remote file inclusion vulnerability. It allows an attacker to include a remote file and get access to the server. Solution Update the plugin...
WordPress Crawl Rate Tracker Plugin <= 2.0.2 - SQL Injection
Crawl Rate Tracker plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress <= 3.1.2 - Clickjacking Attacks
This WordPress version does not prevent rendering for admin or login pages inside a frame in a third-party HTML document. It allows the attackers to conduct clickjacking attacks via a crafted web site. Solution Update WordPress...
WordPress <= 3.1.2 - Unspecified vulnerability #2
Because of this vulnerability, there are unknown impact and attack vectors related to "Media security." in this WordPress version. Solution Update WordPress...
WordPress Custom Pages Plugin 0.5.0.1 - Local File Inclusion
This vulnerability can be exploited to include arbitrary files. Solution Update the plugin...
WordPress <= 3.0.1 - SQL Injection
Because of this vulnerability, authenticated users can execute arbitrary SQL commands via the Send Trackbacks field. Solution Update WordPress...
WordPress FeedList Plugin 2.61.01 - Cross-Site Scripting Vulnerability
This FeedList plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication...
WordPress NextGEN Gallery Plugin <= 1.5.1 - XSS Vulnerability
This NextGEN Gallery plugin is prone to a cross-site scripting vulnerability. It is a really popular plugin for the WordPress content management system, usually found as a blogging platform. The vulnerability manipulates the mode parameter of the xml/media-rss.php script and it results that...
WordPress WP Cumulus Plugin <= 1.21 - XSS
Because of this vulnerability in wp-cumulus.php, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...
JD-WordPress 2.0 RC2 - Remote file inclusion
The vulnerabilities in JD-WordPress allow remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php. Solution Update WordPress...
WordPress Simple Forum Plugin - SQL Injection
Because of this vulnerability in ahah/sf-profile.php, the attackers can execute arbitrary SQL commands via the "u" parameter. Solution Update the plugin...
WordPress fMoblog Plugin 2.1 - SQL Injection Vulnerability
SQL injection vulnerability found in fmoblog.php. An attacker can execute arbitrary SQL commands via the id parameter to index.php. Solution Upgrade plugin...
WordPress <= 2.3.2 - Multiple XSS vulnerabilities
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...
WordPress <= 2.3.2 - Unauthorized Access Vulnerability
Because of this vulnerability, the attackers can edit posts of other blog users via unknown vectors. Solution Update WordPress...
WordPress DMSGuestbook Plugin <= 1.7.0 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Migration Plugin <= 1.0 - CSRF
Because of this vulnerability in deanspermalinksmigration.php, the attackers can modify the oldstructure configuration setting. Solution Update the plugin...
WordPress FileManager Plugin <= 1.2 - Arbitrary File Upload
Because of this vulnerability in ajaxfilemanager.php, the attackers can upload and execute arbitrary PHP code via unspecified vectors. Solution Update the plugin...
WordPress <= 2.0.11 - Multiple Vulnerabilities
Because of these vulnerabilities, the attackers can obtain sensitive information via an empty value of the "page" parameter to certain PHP scripts under wp-admin/. Solution Update WordPress...
WordPress <= 2.0.3 - Directory Traversal
Because of this vulnerability in wp-db-backup.php, the attackers can read arbitrary files, delete arbitrary files, and cause a denial of service in the "backup" parameter. Solution Update WordPress...
WordPress BackUpWordPress Plugin <= 0.4.2 - Remote File Inclusion
Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "bkpwppluginpath" parameter. Solution Update the plugin...
WordPress AndyBlue Theme - XSS
Because of this vulnerability in searchform.php, the attackers can inject arbitrary web script or HTML. Solution Update the theme...
WordPress myGallery Plugin <= 1.4 - Remote File Inclusion
Because of this vulnerability in myfunctions/mygallerybrowser.php, the attackers can execute arbitrary PHP code via a URL in the "myPath" parameter. Solution Update the WordPress myGallery plugin to the latest available version (at least 1.5)...
WordPress <= 2.1.0 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "file" parameter. Solution Update WordPress to the latest available version (at least 2.1.1)...